skills/waniwani-ai/sdk/knowledge-base/Gen Agent Trust Hub

knowledge-base

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Finding categories: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill defines an ingestion process in scripts/kb-ingest.ts that reads markdown files from the local filesystem and transmits their content to the WaniWani KB API for indexing. This behavior is consistent with the skill's stated purpose of setting up a remote knowledge base.
  • [COMMAND_EXECUTION]: The skill directs the agent to use shell commands including bun run kb:ingest and bun run build to execute the generated ingestion script and verify the project state.
  • [PROMPT_INJECTION]: The faq.ts tool introduces an indirect prompt injection surface by retrieving and displaying content from ingested markdown files without boundary markers.
    1. Ingestion points: Markdown files located in lib/{MCP_NAME}/knowledge-base/knowledge/ are processed by scripts/kb-ingest.ts.
    2. Boundary markers: No delimiters or protective instructions are used in the search tool's output to separate search results from system instructions.
    3. Capability inventory: The skill uses client.kb.ingest for data upload and client.kb.search for data retrieval.
    4. Sanitization: No validation or sanitization of the markdown content is performed before ingestion or retrieval.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 05:05 AM